Re: Email based attack on University

To: debian-user@lists.debian.org
Subject: Re: Email based attack on University
From: Henning Follmann <hfollmann@itcfollmann.com>
Date: Wed, 2 Oct 2019 08:41:11 -0400
Message-id: <[🔎] 20191002124111.GA14534@smallapple.localnet>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] 54ee1ddd-6324-4f70-8517-942c4a8e63aa@www.fastmail.com>
References: <[🔎] dc2186e3-138a-ba0e-3243-fd7766b24db2@gmail.com> <[🔎] 54ee1ddd-6324-4f70-8517-942c4a8e63aa@www.fastmail.com>

On Wed, Oct 02, 2019 at 10:40:34AM +0100, Jeremy Nicoll wrote:
> On Wed, 2 Oct 2019, at 10:03, Keith Bainbridge wrote:
> 
> > Details are at
> > 
> > https://www.abc.net.au/news/2019-10-02/anu-cyber-hack-how-personal-information-got-out/11550578
> > https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
> 
> It seems to me that everything follows from whatever access the initial 'unclicked email' malware
> gave to the hackers.
> 
> But how can malware jump from an email that's not "clicked", into some part of the university's 
> systems?

Well, somebody is not telling the truth. Understandable, considering the consequences.

> 
> Unless... the email was being viewed via a webmail system running on a server not owned by the
> university?
> 
> Then... is this just malware of the sort that any website could deliver to any visitor? 
> 
> Even if it was, one might expect the viewer to have been using a desktop PC of some sort, with - 
> surely - whatever anti-malware software the university deems appropriate for their PCs?
> 
> Or... do all their staff use a mish-mash of personal devices, and those don't have to have any 
> anti-malware apps on them?
>

And back to the original question: noexec home directories.
No this does not help. It might in a very few cases prevent some damage, but once the
code runs on the computer (not launched from the home directory) the damage is pretty
much done.

Here is one thing which actually make everybody safer: Do NOT (NEVER!) accept files
which might include executable code.
Office files (MS or OO )
only PDF/A is OK every other PDF, throw it out.
No multimedia (movies, mp3).

And I hear already the crowds crying, but we need this for work.
No you don't!
I do not need a powerpoint presentation in my mail. If you want bullet points
just use "-" and indentation. You can do that in a text made from ASCII characters
only.
Excel is  shit to begin with. Get rid of it, not only in e-mail.
Whatever can be written in Word, can be written just in ASCII text.
And you suck at typography anyway, do not even try.

-H

-- 
Henning Follmann           | hfollmann@itcfollmann.com

Reply to:

Follow-Ups:
- Re: Email based attack on University
  - From: Carl Fink <carl@finknetwork.com>
- Re: Email based attack on University
  - From: Lee <ler762@gmail.com>
- Re: Email based attack on University
  - From: deloptes <deloptes@gmail.com>

References:
- Email based attack on University
  - From: Keith Bainbridge <keithrbau@gmail.com>
- Re: Email based attack on University
  - From: "Jeremy Nicoll" <jn.ml.dbn.25@letterboxes.org>

Prev by Date: Re: Email based attack on University
Next by Date: Re: Debian Installer, Manual Partitioning is a Joke
Previous by thread: Re: Email based attack on University
Next by thread: Re: Email based attack on University
Index(es):
- Date
- Thread